If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Can this setting in Win 7 thwart most Metasploit attacks?

I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

However, if I configure it to disable remote windows shell will it help me defend against
most metasploit type attacks which use "reverse_shell" as its payload?

Having knowledge is one thing and applying that knowledge to earn money (of course, legally) is a completely different thing...

Re: Can this setting in Win 7 thwart most Metasploit attacks?

No because Metasploit uses various attacks against software vulnerabilities like a buffer overflow , heap overflow ,SEH overflowing and heap spraying in order to run arbitrary code (various shellcodes).
By gaining control over return address and running code in privileged process space metasploit can even attack other windows components, it is possible to inject dll,create remote thread , hooking IAT
unlinking ProcessListHead structure which is very useful to hide your process from OS also idt and ssdt hooking, but this must be performed from the kernel mode.

Re: Can this setting in Win 7 thwart most Metasploit attacks?

Originally Posted by exus69

I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

However, if I configure it to disable remote windows shell will it help me defend against
most metasploit type attacks which use "reverse_shell" as its payload?

Easy way to throw off any remote attack is to rename you computer to localhost this way if they try to netbios attacks Unix will attack it self.
There are a few other things you can do too, but I find this one really fun to screw people with.

Evil is an art form !!!

One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.

Well see yea at DefCon in August....

Webmaster be more snappy on getting posts out you still haven't posted my FreeNX howto.

Re: Can this setting in Win 7 thwart most Metasploit attacks?

One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.

Today most of the attacks are client-based explotation over outgoing outbound ports in order to protect against such a attacks firewall should install filter and/or intermediate driver sitting above miniport driver,
both of them should use advanced real-time disassembling engines with behavioural and signature based scanning and analyzing of bypassing malicious traffic when concerning x86 architecture with its variable length ISA so called real-time disassembling of the obfuscated binaries is hard problem.